During a transaction between two parties, each party typically wants assurance as to the authenticity of the identity and/or the data relating to the other party so to avoid a variety of problems, one of which is fraud. Such transactions can be either payment or non-payment in nature. In non-payment transactions, for example, one party may want to confirm the identity of the other party before disclosing certain information. On the other hand, during a payment transaction using a payment card (e.g., a credit, debit, or stored value card), it is important to verify a user's ownership of an account to avoid unauthorized use of the payment card.
Authentication procedures during transactions when two parties are interacting in each other's physical presence (referred to as “in-person” transactions) can involve verifying that the signature of a user matches the signature on an identification or a payment card. Another authentication procedure involves verifying that a photograph contained in a form of identification matches the physical appearance of the user.
However, online transactions are riskier because the “in-person” authentication procedures cannot be performed. Online transactions can be conducted through mediums such as but not limited to computers, mobile devices, telephones, or interactive television. Given the continued expected growth of electronic transactions, it is important to provide methods to authenticate the identity and profile data of individuals. Authentication techniques during online transactions will reduce the levels of fraud and disputes, which in turn will reduce the costs associated with each of these events. Prior systems used to authenticate users during online transactions have not been widely adopted because these systems were difficult to use, had complex designs, required significant up-front investment by system participants and lacked interoperability. Certain prior systems additionally required the creation, distribution and use of certificates by various entities involved in a transaction. Such use of certificates is known to be quite burdensome.
Current systems for authenticating the identity and/or the profile data of individuals online for non-payment transactions use existing databases of information to determine a likelihood that profile data entered by an individual is authentic. These systems operate by asking specific factual questions of which only a limited number of parties would know the answer. For example, such systems may ask for the exact amount of the presenter's latest payment for a specific bill (e.g., a mortgage payment). Such a question could also inquire about the last two digits of such a payment, rather than the entire amount. Using such questions, these service providers are able to determine the likelihood (e.g., a numerical percentage) that the actual individual provided the correct answers. Correct answers do not lead to a definitive indication that the actual individual entered the correct answer because the possibility exists that an imposter made a lucky guess as to the answer or that an imposter discovered the correct answer through secretive investigation. Unfortunately because of these possibilities, the current systems cannot provide definite indication as to authenticity of profile data. For example, Equifax (see www.econsumer.equifax.com) and Experion Systems (see www.experionsystems.com) provide such services.
In view of the foregoing, a system for authenticating the identity and profile data of an individual during an online transaction would be desirable. Such an authenticating system should be relatively easy to implement and use, require a minimal investment of resources, and provide a high level of interoperability between the system's participants.